Jen Easterly, the nominee to take over the Cybersecurity and Infrastructure Security Agency, would like Congress to rethink the way it oversees agency security. Easterly says that would require reforming the Federal Information Security Modernization Act (FISMA).
- Karen Evans, former federal chief information officer and now partner at KE&T Partners, said there is a culture shift away from a heavy focus on compliance, a shortcoming of FISMA that holds back security and risk management.
- Evans said Continuous Diagnostics and Mitigation (CDM), an existing program for strengthening cybersecurity, is critical for federal agencies in addition to FISMA reform.
- Evans said she thinks it would be helpful for Congress to hold a hearing highlighting cybersecurity successes and strengths.